Unix/Linux Go Back    

OpenSolaris 2009.06 - man page for des (opensolaris section 1)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)

des(1)					  User Commands 				   des(1)

       des - encrypt or decrypt data using Data Encryption Standard

       des -e |  -d [-bfs] [-k key] [input-file [output-file]]

       des  encrypts  and  decrypts data using the NBS Data Encryption Standard algorithm. One of
       -e (for encrypt) or -d (for decrypt) must be specified.

       The  des command is provided to promote secure exchange of data in a standard fashion.

       Two standard encryption modes are supported by the des program, Cipher Block Chaining (CBC
       --  the	default)  and Electronic Code Book (ECB -- specified with -b). CBC mode treats an
       entire file as a unit of encryption, that is, if insertions or deletions are made  to  the
       encrypted  file	then decryption will not succeed. CBC mode also ensures that regularities
       in clear data do not appear in the encrypted data. ECB mode treats each 8 bytes	as  units
       of  encryptions, so if parts of the encrypted file are modified then other parts may still
       be decrypted. Identical values of clear text encrypt to identical values of cipher text.

       The key used for the DES algorithm is obtained by prompting the user unless the	`-k  key'
       option  is  given. If the key is an argument to the des command, it is potentially visible
       to users executing ps(1) or a derivative.  To minimize this possibility, des takes care to
       destroy the key argument immediately upon entry.

       The  des  command attempts to use DES hardware for its job, but will use a software imple-
       mentation of the DES algorithm if the hardware is unavailable.  Normally, a  warning  mes-
       sage is printed if the DES hardware is unavailable since the software is only about 1/50th
       as fast.  However, the  -f option will suppress the warning. The -s option may be used  to
       force use of software instead of hardware DES.

       The  des  command  reads  from standard input unless input-file is specified and writes to
       standard output unless output-file is given.

       The following sections give information required to  implement  compatible  facilities  in
       other environments.

       Since  the  CBC and ECB modes of DES require units of 8 bytes to be encrypted, files being
       encrypted by the des command have 1 to 8 bytes appended to them to cause them to be a mul-
       tiple  of 8 bytes. The last byte, when decrypted, gives the number of bytes (0 to 7) which
       are to be saved of the last 8 bytes. The other bytes of those appended to  the  input  are
       randomized  before encryption. If, when decrypting, the last byte is not in the range of 0
       to 7 then either the encrypted file has been corrupted or an incorrect  key  was  provided
       for decryption and an error message is printed.

       The DES algorithm requires an 8 byte key whose low order bits are assumed to be odd-parity
       bits.  The ASCII key supplied by the user is zero padded to 8 bytes  and  the  high  order
       bits  are  set  to be odd-parity bits.  The DES algorithm then ignores the low bit of each
       ASCII character, but that bit's information has been preserved in the high bit due to  the

       The CBC mode of operation always uses an initial value of all zeros for the initialization
       vector, so the first 8 bytes of a file are encrypted the same whether in CBC or ECB mode.

       -b	Select ECB (eight bytes at a time) encryption mode.

       -d	Decrypt data.

       -e	Encrypt data.

       -f	Suppress warning message when software implementation is used.

       -s	Select software implementation for the encryption algorithm.

       -kkey	Use the encryption  key specified.



       It would be better to use a real 56-bit key rather than	an  ASCII-based  56-bit  pattern.
       Knowing	that  the  key	was derived from ASCII radically reduces the time necessary for a
       brute-force cryptographic attack.

SunOS 5.11				    3 Mar 2008					   des(1)
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums

All times are GMT -4. The time now is 09:49 AM.